MALWARE: unknown ransomware, but unsegmented domain

According to a source cited in a TechCrunch report, a “domain admin” — a user with the highest level of privileges on the network — clicked on a malicious link while logged in, which triggered the file-encrypting malware. Because the thousands of computers on the network were on the same, unsegmented domain, the ransomware quickly spread to every CPI office, including its on-site backups, the source said.

 

Incidents Caused by this Malware

  • January 15, 2020: Ransomware Bites Defense Manufacturer, Communications & Power Industries

Threat Actors Known to use this Malware

No threat actors identified
